CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4549
https://notcve.org/view.php?id=CVE-2019-4549
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951. IBM Security Directory Server versión 6.4.0, divulga información confidencial a usuarios no autorizados. La información puede ser usada para montar futuros ataques sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165951 https://www.ibm.com/support/pages/node/1077045 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4542
https://notcve.org/view.php?id=CVE-2019-4542
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. IBM Security Directory Server versión 6.4.0, es susceptible a una vulnerabilidad de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando de este modo la funcionalidad prevista conllevando potencialmente a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165815 https://www.ibm.com/support/pages/node/1077045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4539
https://notcve.org/view.php?id=CVE-2019-4539
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812. IBM Security Directory Server versión 6.4.0, no neutraliza apropiadamente los elementos especiales que son usados en XML, permitiendo a los atacantes modificar la sintaxis, el contenido o los comandos del XML antes de que sea procesado por un sistema final. ID de IBM X-Force: 165812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165812 https://www.ibm.com/support/pages/node/1077045 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4538
https://notcve.org/view.php?id=CVE-2019-4538
IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 165660. IBM Security Directory Server versión 6.4.0, podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165660 https://www.ibm.com/support/pages/node/1077045 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4520
https://notcve.org/view.php?id=CVE-2019-4520
IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 165178. IBM Security Directory Server versión 6.4.0, utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto forzar las credenciales de cuenta. ID de IBM X-Force: 165178. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165178 https://www.ibm.com/support/pages/node/1077045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •